When testpmd runs in interactive mode, SIGINT is handled by setting
the quit flag and calling prompt_exit() so the cmdline input path can
be interrupted.

However, prompt() frees the cmdline object with cmdline_stdin_exit()
after cmdline_interact() returns, while the global testpmd_cl pointer
may still be observed by a later signal during shutdown. If SIGINT
arrives after the cmdline object is freed, prompt_exit() may call
cmdline_quit() on stale state and trigger a use-after-free.

Keep the existing prompt_exit() behavior so interactive input can
still be cancelled, but move the cmdline object lifetime under a
local pointer and use atomic load/store for testpmd_cl so the signal
path cannot observe freed state.

This preserves the interactive-mode fix introduced for Windows while
avoiding a shutdown-time use-after-free.

Fixes: f1d0993e034e ("app/testpmd: fix interactive mode on Windows")
Cc: [email protected]

Signed-off-by: Sunyang Wu <[email protected]>
---
 app/test-pmd/cmdline.c | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/app/test-pmd/cmdline.c b/app/test-pmd/cmdline.c
index c5abeb5730..ee1eff737b 100644
--- a/app/test-pmd/cmdline.c
+++ b/app/test-pmd/cmdline.c
@@ -41,6 +41,7 @@
 #endif
 #include <rte_mbuf_dyn.h>
 #include <rte_mbuf_history.h>
+#include <rte_stdatomic.h>
 #include <rte_trace.h>
 
 #include <cmdline_rdline.h>
@@ -70,7 +71,7 @@
 #include "cmdline_tm.h"
 #include "bpf_cmd.h"
 
-static struct cmdline *testpmd_cl;
+static RTE_ATOMIC(struct cmdline *) testpmd_cl;
 static cmdline_parse_ctx_t *main_ctx;
 static TAILQ_HEAD(, testpmd_driver_commands) driver_commands_head =
        TAILQ_HEAD_INITIALIZER(driver_commands_head);
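Review bot: The new atomic declaration of `testpmd_cl` carries no comment saying who writes it and who reads it, although that sharing is the only reason for the type change. I would add above it `/* Set by prompt() for the lifetime of the interactive cmdline and read by prompt_exit() from the SIGINT path; NULL when no cmdline exists. */`. That makes it clear to later code that the pointer must be read through rte_atomic_load_explicit() and checked for NULL rather than dereferenced directly.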
@@ -14500,22 +14501,31 @@ cmdline_read_from_file(const char *filename, bool 
echo)
 void
 prompt_exit(void)
 {
-       cmdline_quit(testpmd_cl);
+       struct cmdline *cl;
+
+       cl = rte_atomic_load_explicit(&testpmd_cl, rte_memory_order_acquire);
+       if (cl != NULL)
+               cmdline_quit(cl);
 }
 
 /* prompt function, called from main on MAIN lcore */
 void
 prompt(void)
 {
-       testpmd_cl = cmdline_stdin_new(main_ctx, "testpmd> ");
-       if (testpmd_cl == NULL) {
+       struct cmdline *cl;
+
+       cl = cmdline_stdin_new(main_ctx, "testpmd> ");
+       if (cl == NULL) {
                fprintf(stderr,
                        "Failed to create stdin based cmdline context\n");
                return;
        }
 
-       cmdline_interact(testpmd_cl);
-       cmdline_stdin_exit(testpmd_cl);
+       rte_atomic_store_explicit(&testpmd_cl, cl, rte_memory_order_release);
+       cmdline_interact(cl);
+       /* Clear global pointer before freeing cmdline object. */
+       rte_atomic_store_explicit(&testpmd_cl, NULL, rte_memory_order_release);
+       cmdline_stdin_exit(cl);
 }
 
 void
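Review bot: In prompt_exit() the load of `testpmd_cl` and the call to cmdline_quit(cl) are two separate steps, so a handler running on a different thread from prompt() can load a non-NULL `cl`, be delayed while prompt() stores NULL and calls cmdline_stdin_exit(cl), and then call cmdline_quit() on freed memory. The acquire/release pair orders publication of the pointer but does not make the free wait for a reader already in flight, so the use-after-free window is narrowed rather than closed. Whether it is reachable depends on which thread delivers SIGINT, which this hunk does not show. Closing it needs cmdline_stdin_exit() to be ordered after any in-flight prompt_exit(), for example an in-use marker that prompt() waits on before freeing. At minimum the comment on the clearing store should state the limit: `/* Clear before free; a handler that already loaded cl on another thread can still race with cmdline_stdin_exit(). */`.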
-- 
2.19.0.rc0.windows.1
